Maintaining Privacy

As databases become increasingly widespread, more and more people will find that data about them appear in databases. The data might have been gathered as part of an experiment or might represent information collected by doctors during normal medical care of patients; they could include genetic information, medical histories, and other personal details. But whatever their form, warned Stanford's Gio Wiederhold, those who work with databases must be careful to respect the privacy and the concerns of the people whose data appear in them.

“You have to be very careful about how people will feel about your knowledge about them,” he said. Detailed medical information is a sensitive subject, but genetic information may well be even touchier. Genetic data can be used for paternity testing, for detecting the presence of genetic diseases, and eventually for predicting a person's physical and psychologic propensities. “Privacy is very hard to formalize and doesn't quite follow the scientific paradigm that we are used to. That doesn't mean that it is not real to people—perceptions count here. I request that scientists be very sensitive to these kinds of perceptions, make every possible effort to recognize the problems that they entail, and avoid the backlash that can easily occur if privacy is violated and science is seen in a negative light.”

There are also a number of practical issues in preserving privacy, Wiederhold noted, such as the possibility of unethical use of genetic information by insurance companies. Methods for protecting privacy have not kept pace with the increasing use of shared databases.

“In our work, we are always collaborating,” Wiederhold said, “but the technical means that we have today for guarding information come from commerce or from the military and are quite inadequate for protecting collaboration.” In those other fields, the first line of defense has been to control access and to keep all but a select few out of a database altogether. That won't work in research: “We have to give our collaborators access.”

Those who run databases that contain sensitive information will therefore need to find different approaches to protecting privacy. “We have to log and monitor what gets taken out. It might also be necessary to ensure that some types of information go out only to those who are properly authorized,” he said, noting the well-reported case of a person who logged onto an Internet music site and, instead of downloading a music track, downloaded the credit-card numbers of hundreds of thousands of the site's customers. “They obviously were not checking what people were taking out. The customer had legitimate access, but he took out what he shouldn't have taken out.”

Wiederhold concluded: “Unless we start logging the information that is taken out, and perhaps also filtering, we will not be fulfilling our responsibilities.”
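As an added illustration of the logging-and-filtering approach described above (example code written for this page, not part of the report or of Wiederhold's work), the following Python gate keeps collaborators' access but logs every extraction, strips a sensitive field unless the requester is authorized for it, and flags an oversized pull for review. The records, field names and the bulk threshold are constructed assumptions.

```python
"""Egress gate for a shared research database (added example).

Access control on the way in is kept; the controls below act on the way out:
every extraction is logged, sensitive fields are filtered by authorization,
and unusually large pulls are flagged. All data here is constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
import logging

logging.basicConfig(level=logging.INFO, format="%(message)s")
LOG = logging.getLogger("egress")

# Constructed sample records (hypothetical subjects, not real data).
RECORDS: List[Dict] = [
    {"subject_id": "S001", "age": 54, "diagnosis": "type 2 diabetes", "genotype": "APOE e3/e4"},
    {"subject_id": "S002", "age": 37, "diagnosis": "asthma", "genotype": "APOE e3/e3"},
    {"subject_id": "S003", "age": 62, "diagnosis": "hypertension", "genotype": "APOE e4/e4"},
    {"subject_id": "S004", "age": 45, "diagnosis": "migraine", "genotype": "APOE e2/e3"},
]
SENSITIVE_FIELDS = {"genotype"}  # released only to explicitly authorized requesters
BULK_THRESHOLD = 3               # assumption: more rows than this in one pull is flagged


@dataclass
class AuditEntry:
    requester: str
    rows_released: int
    fields_released: List[str]
    flagged_bulk: bool


AUDIT_TRAIL: List[AuditEntry] = []  # what was taken out, by whom, and how much


def extract(requester: str, authorized_sensitive: bool,
            predicate: Callable[[Dict], bool]) -> Tuple[List[Dict], AuditEntry]:
    """Run a query for `requester`; filter what leaves and record it."""
    matched = [r for r in RECORDS if predicate(r)]
    # Field-level filtering at egress: unauthorized requesters never see genotype.
    released = [
        {k: v for k, v in r.items() if authorized_sensitive or k not in SENSITIVE_FIELDS}
        for r in matched
    ]
    fields = sorted({k for r in released for k in r})
    entry = AuditEntry(requester, len(released), fields, len(released) > BULK_THRESHOLD)
    AUDIT_TRAIL.append(entry)
    LOG.info("egress requester=%s rows=%d fields=%s bulk_flag=%s",
             requester, entry.rows_released, ",".join(fields), entry.flagged_bulk)
    return released, entry
```

The bulk flag is what would have caught the music-site case the text describes: a legitimate user whose single extraction was far larger than any normal use.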

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.